Recent events and responses from the President, Homeland Security, and the NSA make it clear that there’s a lot of work to be done to reduce the United States’ cyber vulnerabilities.
Some Locations Hit Harder
Two-factor-authentication platform Rublon analyzed data from the FBI’s 2020 Internet Crime Report, and found that the District of Columbia remains the most likely place in the United States to fall victim to an Internet attack, while California followed and Florida topped the list of the top states for the worst overall in terms of victims and losses. The Golden State saw losses of more than $621 million last year from cybercrime. The pandemic has certainly played a role.
“We all spent a lot more time indoors and online last year, and unfortunately as you can see from the FBI report, criminals took full advantage of this situation – extorting more than $4.2 billion from U.S. citizens through cyber-attacks. We decided to break this research down into states and analyze where cyber-attacks were most likely to occur, and in which states victims were losing the most money,” said Michal Wendrowski, managing director and founder of Rublon.
Ransomware and Veteran Data Leaked
We have now reached a point where we can ominously describe some cybercrime as “common” and in the past year that included phishing scams and ransomware attacks.
Phishing scams occurred more than twice as often as the next most common attack, with 241,342 victims, followed by non-payment with 108,869 victims. Extortion was the third most popular crime with 76,741 victims, followed by personal data breaches with 45,330.
Ransomware has also been in the news following the attack on the Colonial Pipeline, which led to gasoline shortages on the East Coast and drove up gasoline prices nationwide. It was also the most high-profile attack as the D.C. police department was also targeted by cybercriminals last month to post the personnel records of almost two dozen officers, including the results of psychological assessments and polygraph tests; driver’s license images; fingerprints; social security numbers; dates of birth; and residential, financial, and marriage histories.
In another case, personnel data may have been leaked, according to security expert Jeremiah Fowler, who discovered a non-password-protected database that contained medical information related to some 200,000 military veterans. United Valor, the contractor in charge of maintaining the database, limited public access after being alerted, but Fowler said he also found a ransomware message that claimed that all of the records had already been downloaded.
“If the researcher found this database of 200,000 medical records, then who knows who else may have also found it and made off with the highly sensitive PII data of veterans,” warned Saryu Nayyar, CEO of cybersecurity research firm Gurucul.
“United Valor does not appear to be in control of the situation,” she told ClearanceJobs in an email. “They claim only two IP addresses accessed the data: United Valor’s and the researcher’s. That sounds doubtful. All in all this is a troublesome discovery, especially given the sensitivity of the data.”
At this point it seems the damage is done, but that doesn’t mean it should have been allowed to happen.
“The only explanation for having a database publicly exposed is due to poor application design and development. It might also indicate that United Valor practices poor internal cyber hygiene as it appears that ‘the data has only been accessed via our internal IP and yours,’” explained Tom Garrubba, chief information security officer at risk management firm Shared Assessments.
“This could be an indicator as to the presence of an internal threat,” Garrubba told ClearanceJobs. “There are numerous tools and logging functionality available to monitor such internal threats and it appears these are non-existent in the United Valor IT toolbox or, they exist but are poorly utilized. Such tools could have helped identify when the ‘ransomware’ occurred and proved useful in their follow-up investigations.”
National Cybersecurity Safety Review Board
Last week, the Biden administration issued new executive orders to improve the nation’s cybersecurity. This included changes to policy, and Biden stated that Federal Information Systems should meet or exceed the standards and requirements laid out in the EO. The orders also called for the removal of barriers to sharing threat information and for the modernization of the federal government’s cybersecurity systems.
“The executive orders were a collection of efforts and thoughts around cyber security,” said Garret Grajek, CEO of cybersecurity firm YouAttest. “Many included better coordination and communication between agencies and between government and the private sector. This is a welcomed improvement. Immediate sharing of intel on attacks has to be implemented if the U.S. is going to get on top of Colonial-type of ransomware attacks and other major threats.
“Of course in a free world and free internet, the U.S. government does not own or control the traffic that goes across as a nation, the way China does. To counter this lack of centralized control, communication sharing is paramount and the executive order includes a provision to create a new National Cybersecurity Safety Review Board,” Grajek told ClearanceJobs via an email. “The National Cybersecurity Safety Review Board, modeled after the National Transportation Safety Board is an intelligent move toward this goal.”